1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.log.Log;
29  import com.liferay.portal.kernel.log.LogFactoryUtil;
30  import com.liferay.portal.kernel.util.GetterUtil;
31  import com.liferay.portal.kernel.util.ListUtil;
32  import com.liferay.portal.kernel.util.Validator;
33  import com.liferay.portal.model.Group;
34  import com.liferay.portal.model.OrgGroupPermission;
35  import com.liferay.portal.model.Organization;
36  import com.liferay.portal.model.Permission;
37  import com.liferay.portal.model.Resource;
38  import com.liferay.portal.model.ResourceCode;
39  import com.liferay.portal.model.ResourceConstants;
40  import com.liferay.portal.model.Role;
41  import com.liferay.portal.model.User;
42  import com.liferay.portal.model.UserGroup;
43  import com.liferay.portal.security.permission.PermissionCacheUtil;
44  import com.liferay.portal.security.permission.PermissionCheckerBag;
45  import com.liferay.portal.security.permission.ResourceActionsUtil;
46  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
47  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
48  import com.liferay.portal.util.PropsValues;
49  import com.liferay.portal.util.comparator.PermissionComparator;
50  
51  import java.util.ArrayList;
52  import java.util.HashSet;
53  import java.util.Iterator;
54  import java.util.List;
55  import java.util.Set;
56  
57  import org.apache.commons.lang.time.StopWatch;
58  
59  /**
60   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
61   *
62   * @author Charles May
63   * @author Brian Wing Shun Chan
64   * @author Raymond Augé
65   */
66  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
67  
68      public Permission addPermission(
69              long companyId, String actionId, long resourceId)
70          throws SystemException {
71  
72          Permission permission = permissionPersistence.fetchByA_R(
73              actionId, resourceId);
74  
75          if (permission == null) {
76              long permissionId = counterLocalService.increment(
77                  Permission.class.getName());
78  
79              permission = permissionPersistence.create(permissionId);
80  
81              permission.setCompanyId(companyId);
82              permission.setActionId(actionId);
83              permission.setResourceId(resourceId);
84  
85              permissionPersistence.update(permission, false);
86          }
87  
88          return permission;
89      }
90  
91      public List<Permission> addPermissions(
92              long companyId, String name, long resourceId,
93              boolean portletActions)
94          throws SystemException {
95  
96          List<String> actionIds = null;
97  
98          if (portletActions) {
99              actionIds = ResourceActionsUtil.getPortletResourceActions(name);
100         }
101         else {
102             actionIds = ResourceActionsUtil.getModelResourceActions(name);
103         }
104 
105         return addPermissions(companyId, actionIds, resourceId);
106     }
107 
108     public List<Permission> addPermissions(
109             long companyId, List<String> actionIds, long resourceId)
110         throws SystemException {
111 
112         List<Permission> permissions = permissionPersistence.findByResourceId(
113             resourceId);
114 
115         permissions = ListUtil.copy(permissions);
116 
117         Set<String> actionIdsSet = new HashSet<String>();
118 
119         for (Permission permission : permissions) {
120             actionIdsSet.add(permission.getActionId());
121         }
122 
123         for (String actionId : actionIds) {
124             if (actionIdsSet.contains(actionId)) {
125                 continue;
126             }
127 
128             long permissionId = counterLocalService.increment(
129                 Permission.class.getName());
130 
131             Permission permission = permissionPersistence.create(permissionId);
132 
133             permission.setCompanyId(companyId);
134             permission.setActionId(actionId);
135             permission.setResourceId(resourceId);
136 
137             try {
138                 permissionPersistence.update(permission, false);
139             }
140             catch (SystemException se) {
141                 if (_log.isWarnEnabled()) {
142                     _log.warn(
143                         "Add failed, fetch {actionId=" + actionId +
144                             ", resourceId=" + resourceId + "}");
145                 }
146 
147                 permission = permissionPersistence.fetchByA_R(
148                     actionId, resourceId, false);
149 
150                 if (permission == null) {
151                     throw se;
152                 }
153             }
154 
155             permissions.add(permission);
156         }
157 
158         return permissions;
159     }
160 
161     public void addUserPermissions(
162             long userId, String[] actionIds, long resourceId)
163         throws PortalException, SystemException {
164 
165         User user = userPersistence.findByPrimaryKey(userId);
166 
167         List<Permission> permissions = permissionFinder.findByU_R(
168             userId, resourceId);
169 
170         permissions = getPermissions(
171             user.getCompanyId(), actionIds, resourceId);
172 
173         userPersistence.addPermissions(userId, permissions);
174 
175         PermissionCacheUtil.clearCache();
176     }
177 
178     public List<String> getActions(List<Permission> permissions) {
179         List<String> actionIds = new ArrayList<String>();
180 
181         Iterator<Permission> itr = permissions.iterator();
182 
183         while (itr.hasNext()) {
184             Permission permission = itr.next();
185 
186             actionIds.add(permission.getActionId());
187         }
188 
189         return actionIds;
190     }
191 
192     public List<Permission> getGroupPermissions(long groupId, long resourceId)
193         throws SystemException {
194 
195         return permissionFinder.findByG_R(groupId, resourceId);
196     }
197 
198     public List<Permission> getGroupPermissions(
199             long groupId, long companyId, String name, int scope,
200             String primKey)
201         throws SystemException {
202 
203         return permissionFinder.findByG_C_N_S_P(
204             groupId, companyId, name, scope, primKey);
205     }
206 
207     public List<Permission> getOrgGroupPermissions(
208             long organizationId, long groupId, long resourceId)
209         throws SystemException {
210 
211         return permissionFinder.findByO_G_R(
212             organizationId, groupId, resourceId);
213     }
214 
215     public long getLatestPermissionId() throws SystemException {
216         List<Permission> permissions = permissionPersistence.findAll(
217             0, 1, new PermissionComparator());
218 
219         if (permissions.size() == 0) {
220             return 0;
221         }
222         else {
223             Permission permission = permissions.get(0);
224 
225             return permission.getPermissionId();
226         }
227     }
228 
229     public List<Permission> getPermissions(
230             long companyId, String[] actionIds, long resourceId)
231         throws SystemException {
232 
233         List<Permission> permissions = new ArrayList<Permission>();
234 
235         for (int i = 0; i < actionIds.length; i++) {
236             Permission permission = addPermission(
237                 companyId, actionIds[i], resourceId);
238 
239             permissions.add(permission);
240         }
241 
242         return permissions;
243     }
244 
245     public List<Permission> getRolePermissions(long roleId)
246         throws SystemException {
247 
248         return rolePersistence.getPermissions(roleId);
249     }
250 
251     public List<Permission> getRolePermissions(long roleId, long resourceId)
252         throws SystemException {
253 
254         return permissionFinder.findByR_R(roleId, resourceId);
255     }
256 
257     public List<Permission> getUserPermissions(long userId, long resourceId)
258         throws SystemException {
259 
260         return permissionFinder.findByU_R(userId, resourceId);
261     }
262 
263     public List<Permission> getUserPermissions(
264             long userId, long companyId, String name, int scope, String primKey)
265         throws SystemException {
266 
267         return permissionFinder.findByU_C_N_S_P(
268             userId, companyId, name, scope, primKey);
269     }
270 
271     public boolean hasGroupPermission(
272             long groupId, String actionId, long resourceId)
273         throws SystemException {
274 
275         Permission permission = permissionPersistence.fetchByA_R(
276             actionId, resourceId);
277 
278         // Return false if there is no permission based on the given action
279         // id and resource id
280 
281         if (permission == null) {
282             return false;
283         }
284 
285         return groupPersistence.containsPermission(
286             groupId, permission.getPermissionId());
287     }
288 
289     public boolean hasRolePermission(
290             long roleId, long companyId, String name, int scope,
291             String actionId)
292         throws SystemException {
293 
294         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
295             companyId, name, scope);
296 
297         List<Resource> resources = resourcePersistence.findByCodeId(
298             resourceCode.getCodeId());
299 
300         for (Resource resource : resources) {
301             Permission permission = permissionPersistence.fetchByA_R(
302                 actionId, resource.getResourceId());
303 
304             if (permission != null) {
305                 if (rolePersistence.containsPermission(
306                         roleId, permission.getPermissionId())) {
307 
308                     return true;
309                 }
310             }
311         }
312 
313         return false;
314     }
315 
316     public boolean hasRolePermission(
317             long roleId, long companyId, String name, int scope, String primKey,
318             String actionId)
319         throws SystemException {
320 
321         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
322             companyId, name, scope);
323 
324         Resource resource = resourcePersistence.fetchByC_P(
325             resourceCode.getCodeId(), primKey);
326 
327         if (resource == null) {
328             return false;
329         }
330 
331         Permission permission = permissionPersistence.fetchByA_R(
332             actionId, resource.getResourceId());
333 
334         if (permission == null) {
335             return false;
336         }
337 
338         return rolePersistence.containsPermission(
339             roleId, permission.getPermissionId());
340     }
341 
342     public boolean hasUserPermission(
343             long userId, String actionId, long resourceId)
344         throws SystemException {
345 
346         Permission permission = permissionPersistence.fetchByA_R(
347             actionId, resourceId);
348 
349         // Return false if there is no permission based on the given action
350         // id and resource id
351 
352         if (permission == null) {
353             return false;
354         }
355 
356         return userPersistence.containsPermission(
357             userId, permission.getPermissionId());
358     }
359 
360     public boolean hasUserPermissions(
361             long userId, long groupId, List<Resource> resources,
362             String actionId, PermissionCheckerBag permissionCheckerBag)
363         throws PortalException, SystemException {
364 
365         StopWatch stopWatch = null;
366 
367         if (_log.isDebugEnabled()) {
368             stopWatch = new StopWatch();
369 
370             stopWatch.start();
371         }
372 
373         int block = 1;
374 
375         // Return false if there are no resources
376 
377         if (Validator.isNull(actionId) || resources.isEmpty()) {
378             return false;
379         }
380 
381         long[] resourceIds = null;
382 
383         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
384             resourceIds = new long[resources.size()];
385 
386             for (int i = 0; i < resources.size(); i++) {
387                 Resource resource = resources.get(i);
388 
389                 resourceIds[i] = resource.getResourceId();
390             }
391         }
392 
393         List<Permission> permissions = null;
394 
395         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
396             permissions = permissionFinder.findByA_R(actionId, resourceIds);
397 
398             // Return false if there are no permissions
399 
400             if (permissions.size() == 0) {
401                 return false;
402             }
403         }
404 
405         // Record logs with the first resource id
406 
407         long resourceId = 0;
408 
409         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
410             resourceId = resourceIds[0];
411         }
412         else {
413             resourceId = resources.get(0).getResourceId();
414         }
415 
416         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
417 
418         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
419         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
420         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
421         //List<Group> userUserGroupGroups =
422         //  permissionCheckerBag.getUserUserGroupGroups();
423         List<Group> groups = permissionCheckerBag.getGroups();
424         List<Role> roles = permissionCheckerBag.getRoles();
425 
426         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
427 
428         // Check the organization and community intersection table. Break out of
429         // this method if the user has one of the permissions set at the
430         // intersection because that takes priority.
431 
432         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
433         //  return true;
434         //}
435 
436         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
437 
438         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
439             return hasUserPermissions_1(
440                 userId, resourceId, actionId, permissions, groups, groupId,
441                 stopWatch, block);
442         }
443         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
444             return hasUserPermissions_2(
445                 userId, resourceId, actionId, permissions, groups, groupId,
446                 stopWatch, block);
447         }
448         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
449             return hasUserPermissions_3(
450                 userId, resourceId, actionId, permissions, groups, roles,
451                 stopWatch, block);
452         }
453         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
454             return hasUserPermissions_4(
455                 userId, resourceId, actionId, permissions, groups, roles,
456                 stopWatch, block);
457         }
458         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
459             return hasUserPermissions_5(
460                 userId, resourceId, actionId, permissions, roles, stopWatch,
461                 block);
462         }
463         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
464             return hasUserPermissions_6(
465                 userId, resourceId, resources, actionId, roles, stopWatch,
466                 block);
467         }
468 
469         return false;
470     }
471 
472     public void setGroupPermissions(
473             long groupId, String[] actionIds, long resourceId)
474         throws PortalException, SystemException {
475 
476         Group group = groupPersistence.findByPrimaryKey(groupId);
477 
478         List<Permission> permissions = permissionFinder.findByG_R(
479             groupId, resourceId);
480 
481         for (Permission permission : permissions) {
482             groupPersistence.removePermission(groupId, permission);
483         }
484 
485         permissions = getPermissions(
486             group.getCompanyId(), actionIds, resourceId);
487 
488         groupPersistence.addPermissions(groupId, permissions);
489 
490         PermissionCacheUtil.clearCache();
491     }
492 
493     public void setGroupPermissions(
494             String className, String classPK, long groupId,
495             String[] actionIds, long resourceId)
496         throws PortalException, SystemException {
497 
498         long associatedGroupId = 0;
499 
500         if (className.equals(Organization.class.getName())) {
501             long organizationId = GetterUtil.getLong(classPK);
502 
503             Organization organization =
504                 organizationPersistence.findByPrimaryKey(organizationId);
505 
506             orgGroupPermissionFinder.removeByO_G_R(
507                 organizationId, groupId, resourceId);
508 
509             associatedGroupId = organization.getGroup().getGroupId();
510         }
511         else if (className.equals(UserGroup.class.getName())) {
512             long userGroupId = GetterUtil.getLong(classPK);
513 
514             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
515                 userGroupId);
516 
517             associatedGroupId = userGroup.getGroup().getGroupId();
518         }
519 
520         setGroupPermissions(associatedGroupId, actionIds, resourceId);
521     }
522 
523     public void setOrgGroupPermissions(
524             long organizationId, long groupId, String[] actionIds,
525             long resourceId)
526         throws PortalException, SystemException {
527 
528         Organization organization =
529             organizationPersistence.findByPrimaryKey(organizationId);
530 
531         long orgGroupId = organization.getGroup().getGroupId();
532 
533         List<Permission> permissions = permissionPersistence.findByResourceId(
534             resourceId);
535 
536         for (Permission permission : permissions) {
537             groupPersistence.removePermission(orgGroupId, permission);
538         }
539 
540         permissions = getPermissions(
541             organization.getCompanyId(), actionIds, resourceId);
542 
543         orgGroupPermissionFinder.removeByO_G_R(
544             organizationId, groupId, resourceId);
545 
546         for (Permission permission : permissions) {
547             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
548                 organizationId, groupId, permission.getPermissionId());
549 
550             OrgGroupPermission orgGroupPermission =
551                 orgGroupPermissionPersistence.create(pk);
552 
553             orgGroupPermissionPersistence.update(orgGroupPermission, false);
554         }
555 
556         PermissionCacheUtil.clearCache();
557     }
558 
559     public void setRolePermission(
560             long roleId, long companyId, String name, int scope, String primKey,
561             String actionId)
562         throws PortalException, SystemException {
563 
564         if (scope == ResourceConstants.SCOPE_COMPANY) {
565 
566             // Remove group permission
567 
568             unsetRolePermissions(
569                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
570                 actionId);
571         }
572         else if (scope == ResourceConstants.SCOPE_GROUP) {
573 
574             // Remove company permission
575 
576             unsetRolePermissions(
577                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
578                 actionId);
579         }
580         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
581             throw new NoSuchPermissionException();
582         }
583 
584         Resource resource = resourceLocalService.addResource(
585             companyId, name, scope, primKey);
586 
587         Permission permission = permissionPersistence.fetchByA_R(
588             actionId, resource.getResourceId());
589 
590         if (permission == null) {
591             long permissionId = counterLocalService.increment(
592                 Permission.class.getName());
593 
594             permission = permissionPersistence.create(permissionId);
595 
596             permission.setCompanyId(companyId);
597             permission.setActionId(actionId);
598             permission.setResourceId(resource.getResourceId());
599 
600             permissionPersistence.update(permission, false);
601         }
602 
603         rolePersistence.addPermission(roleId, permission);
604 
605         PermissionCacheUtil.clearCache();
606     }
607 
608     public void setRolePermissions(
609             long roleId, long companyId, String name, int scope, String primKey,
610             String[] actionIds)
611         throws PortalException, SystemException {
612 
613         for (int i = 0; i < actionIds.length; i++) {
614             String actionId = actionIds[i];
615 
616             setRolePermission(
617                 roleId, companyId, name, scope, primKey, actionId);
618         }
619     }
620 
621     public void setRolePermissions(
622             long roleId, String[] actionIds, long resourceId)
623         throws PortalException, SystemException {
624 
625         Role role = rolePersistence.findByPrimaryKey(roleId);
626 
627         List<Permission> permissions = permissionFinder.findByR_R(
628             roleId, resourceId);
629 
630         rolePersistence.removePermissions(roleId, permissions);
631 
632         permissions = getPermissions(
633             role.getCompanyId(), actionIds, resourceId);
634 
635         rolePersistence.addPermissions(roleId, permissions);
636 
637         PermissionCacheUtil.clearCache();
638     }
639 
640     public void setUserPermissions(
641             long userId, String[] actionIds, long resourceId)
642         throws PortalException, SystemException {
643 
644         User user = userPersistence.findByPrimaryKey(userId);
645 
646         List<Permission> permissions = permissionFinder.findByU_R(
647             userId, resourceId);
648 
649         userPersistence.removePermissions(userId, permissions);
650 
651         permissions = getPermissions(
652             user.getCompanyId(), actionIds, resourceId);
653 
654         userPersistence.addPermissions(userId, permissions);
655 
656         PermissionCacheUtil.clearCache();
657     }
658 
659     public void unsetRolePermission(long roleId, long permissionId)
660         throws SystemException {
661 
662         Permission permission = permissionPersistence.fetchByPrimaryKey(
663             permissionId);
664 
665         if (permission != null) {
666             rolePersistence.removePermission(roleId, permission);
667         }
668 
669         PermissionCacheUtil.clearCache();
670     }
671 
672     public void unsetRolePermission(
673             long roleId, long companyId, String name, int scope, String primKey,
674             String actionId)
675         throws SystemException {
676 
677         ResourceCode resourceCode =
678             resourceCodeLocalService.getResourceCode(
679                 companyId, name, scope);
680 
681         Resource resource = resourcePersistence.fetchByC_P(
682             resourceCode.getCodeId(), primKey);
683 
684         if (resource != null) {
685             Permission permission = permissionPersistence.fetchByA_R(
686                 actionId, resource.getResourceId());
687 
688             if (permission != null) {
689                 rolePersistence.removePermission(roleId, permission);
690             }
691         }
692 
693         PermissionCacheUtil.clearCache();
694     }
695 
696     public void unsetRolePermissions(
697             long roleId, long companyId, String name, int scope,
698             String actionId)
699         throws SystemException {
700 
701         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
702             companyId, name, scope);
703 
704         List<Resource> resources = resourcePersistence.findByCodeId(
705             resourceCode.getCodeId());
706 
707         for (Resource resource : resources) {
708             Permission permission = permissionPersistence.fetchByA_R(
709                 actionId, resource.getResourceId());
710 
711             if (permission != null) {
712                 rolePersistence.removePermission(roleId, permission);
713             }
714         }
715 
716         PermissionCacheUtil.clearCache();
717     }
718 
719     public void unsetUserPermissions(
720             long userId, String[] actionIds, long resourceId)
721         throws SystemException {
722 
723         List<Permission> permissions = permissionFinder.findByU_A_R(
724             userId, actionIds, resourceId);
725 
726         userPersistence.removePermissions(userId, permissions);
727 
728         PermissionCacheUtil.clearCache();
729     }
730 
731     protected boolean checkOrgGroupPermission(
732             List<Organization> organizations, List<Group> groups,
733             List<Permission> permissions)
734         throws PortalException, SystemException {
735 
736         for (Permission permission : permissions) {
737             if (checkOrgGroupPermission(organizations, groups, permission)) {
738                 return true;
739             }
740         }
741 
742         return false;
743     }
744 
745     protected boolean checkOrgGroupPermission(
746             List<Organization> organizations, List<Group> groups,
747             Permission permission)
748         throws PortalException, SystemException {
749 
750         // Do not check for an OrgGroupPermission intersection unless there is
751         // at least one organization and one group to check
752 
753         if ((organizations.size() == 0) || (groups.size() == 0)) {
754             return false;
755         }
756 
757         // Do not check unless the OrgGroupPermission intersection contains at
758         // least one permission
759 
760         List<OrgGroupPermission> orgGroupPermissions =
761             orgGroupPermissionPersistence.findByPermissionId(
762                 permission.getPermissionId());
763 
764         if (orgGroupPermissions.size() == 0) {
765             return false;
766         }
767 
768         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
769             if (orgGroupPermission.containsOrganization(organizations) &&
770                 orgGroupPermission.containsGroup(groups)) {
771 
772                 return true;
773             }
774         }
775 
776         // Throw an exception so that we do not continue checking permissions.
777         // The user has a specific permission given in the OrgGroupPermission
778         // intersection that prohibits him from going further.
779 
780         throw new NoSuchPermissionException(
781             "User has a permission in OrgGroupPermission that does not match");
782     }
783 
784     protected boolean hasUserPermissions_1(
785             long userId, long resourceId, String actionId,
786             List<Permission> permissions, List<Group> groups, long groupId,
787             StopWatch stopWatch, int block)
788         throws SystemException {
789 
790         // Is the user connected to one of the permissions via group or
791         // organization roles?
792 
793         if (groups.size() > 0) {
794             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
795                 return true;
796             }
797         }
798 
799         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
800 
801         // Is the user associated with groups or organizations that are directly
802         // connected to one of the permissions?
803 
804         if (groups.size() > 0) {
805             if (permissionFinder.countByGroupsPermissions(
806                     permissions, groups) > 0) {
807 
808                 return true;
809             }
810         }
811 
812         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
813 
814         // Is the user connected to one of the permissions via user roles?
815 
816         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
817             return true;
818         }
819 
820         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
821 
822         // Is the user connected to one of the permissions via user group roles?
823 
824         if (permissionFinder.countByUserGroupRole(
825                 permissions, userId, groupId) > 0) {
826 
827             return true;
828         }
829 
830         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
831 
832         // Is the user directly connected to one of the permissions?
833 
834         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
835             return true;
836         }
837 
838         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
839 
840         return false;
841     }
842 
843     protected boolean hasUserPermissions_2(
844             long userId, long resourceId, String actionId,
845             List<Permission> permissions, List<Group> groups, long groupId,
846             StopWatch stopWatch, int block)
847         throws SystemException {
848 
849         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
850         // countByUserGroupRole, and countByUsersPermissions in one method
851 
852         if (permissionFinder.containsPermissions_2(
853                 permissions, userId, groups, groupId)) {
854 
855             return true;
856         }
857 
858         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
859 
860         return false;
861     }
862 
863     protected boolean hasUserPermissions_3(
864             long userId, long resourceId, String actionId,
865             List<Permission> permissions, List<Group> groups, List<Role> roles,
866             StopWatch stopWatch, int block)
867         throws SystemException {
868 
869         // Is the user associated with groups or organizations that are directly
870         // connected to one of the permissions?
871 
872         if (groups.size() > 0) {
873             if (permissionFinder.countByGroupsPermissions(
874                     permissions, groups) > 0) {
875 
876                 return true;
877             }
878         }
879 
880         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
881 
882         // Is the user associated with a role that is directly connected to one
883         // of the permissions?
884 
885         if (roles.size() > 0) {
886             if (permissionFinder.countByRolesPermissions(
887                     permissions, roles) > 0) {
888 
889                 return true;
890             }
891         }
892 
893         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
894 
895         // Is the user directly connected to one of the permissions?
896 
897         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
898             return true;
899         }
900 
901         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
902 
903         return false;
904     }
905 
906     protected boolean hasUserPermissions_4(
907             long userId, long resourceId, String actionId,
908             List<Permission> permissions, List<Group> groups, List<Role> roles,
909             StopWatch stopWatch, int block)
910         throws SystemException {
911 
912         // Call countByGroupsPermissions, countByRolesPermissions, and
913         // countByUsersPermissions in one method
914 
915         if (permissionFinder.containsPermissions_4(
916                 permissions, userId, groups, roles)) {
917 
918             return true;
919         }
920 
921         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
922 
923         return false;
924     }
925 
926     protected boolean hasUserPermissions_5(
927             long userId, long resourceId, String actionId,
928             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
929             int block)
930         throws SystemException {
931 
932         if (roles.size() > 0) {
933             if (permissionFinder.countByRolesPermissions(
934                     permissions, roles) > 0) {
935 
936                 return true;
937             }
938         }
939 
940         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
941 
942         return false;
943     }
944 
945     protected boolean hasUserPermissions_6(
946             long userId, long resourceId, List<Resource> resources,
947             String actionId, List<Role> roles, StopWatch stopWatch,
948             int block)
949         throws PortalException, SystemException {
950 
951         // Iterate the list of resources in reverse order to test permissions
952         // from company scope to individual scope because it is more likely that
953         // a permission is assigned at a higher scope. Optimizing this method
954         // to one SQL call may actually slow things down since most of the calls
955         // will pull from the cache after the first request.
956 
957         for (int i = resources.size() - 1; i >= 0; i--) {
958             Resource resource = resources.get(i);
959 
960             for (Role role : roles) {
961                 if (resourcePermissionLocalService.hasResourcePermission(
962                         resource.getCompanyId(), resource.getName(),
963                         resource.getScope(), resource.getPrimKey(),
964                         role.getRoleId(), actionId)) {
965 
966                     return true;
967                 }
968             }
969         }
970 
971         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
972 
973         return false;
974     }
975 
976     protected void logHasUserPermissions(
977         long userId, long resourceId, String actionId, StopWatch stopWatch,
978         int block) {
979 
980         if (!_log.isDebugEnabled()) {
981             return;
982         }
983 
984         _log.debug(
985             "Checking user permissions block " + block + " for " + userId +
986                 " " + resourceId + " " + actionId + " takes " +
987                     stopWatch.getTime() + " ms");
988     }
989 
990     private static Log _log =
991         LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
992 
993 }